UNIQ+ Digital participant privacy notice
In the course of completing the Graduate Access Programme application form, you have provided information about yourself (‘personal data’). We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your personal data
We will use the personal data you have provided (which may include sensitive or "special category" data) to deliver UNIQ+ Digital, including the provision of mentoring from current University of Oxford DPhil students and academic supervisors (where possible), administrative support, and the provision of facilities or services (eg access to IT facilities, etc).
We are processing your data for this purpose only because you have given us your consent to do so by signing up to UNIQ+ Digital. You can withdraw your consent at any time by contacting us at firstname.lastname@example.org. In this event, we will stop the processing as soon as we can. However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent
We will add some of your data to the Higher Education Access Tracker database (HEAT), which we use to record information about our outreach activities and those who take part in them. HEAT is a shared database used by a variety of organisations to identify which activities are most helpful in preparing students for higher education and progressing to employment. Users include the University, its colleges, student organisations, educational charities and relevant public bodies (eg UCAS). The data added to HEAT comprises your personal details (name, gender, date of birth, postcode and school) and the events or activities in which you have participated. You can read further details about how your data on HEAT is used in the HEAT privacy notice.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Who has access to your data?
Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above, including University of Oxford DPhil student mentors participating in the UNIQ+ Digital programme.
We may also disclose your personal data to our third party service providers or subcontractors in connection with the UNIQ+ Digital programme. Activities that may be carried out by third-party service providers include IT services, email services and survey provision services. These companies are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Where we share your data with a third party, we will seek to share the minimum amount necessary.
Retaining your data
We will only retain your data for as long as we need it to meet our purposes, including any relating to legal, accounting, or reporting requirements. Further information will be available in the University’s Guide on the Retention of Student Data and Records.
Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website.
Where we store and use your data
We store and use your data on University premises, in both a manual and electronic form.
Electronic data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for example, when we or a data processor acting on our behalf communicate with you using a cloud based service provider that operates outside the EEA, such as Zoom Video Communications Inc.
Such transfers will only take place if one of the following applies:
- the country receiving the data is considered by the EU to provide an adequate level of data protection;
- the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under
- the EU US Privacy Shield;
- the transfer is governed by approved contractual clauses;
- the transfer has your consent;
- the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or
- the transfer is necessary for the performance of a contract with another person, which is in your interests.
Information on your rights in relation to your personal data are explained on the Individual rights page of our Compliance website.